When targeted attacks such as Operation Dragonfly began their offensive against vital infrastructure systems, the security community took notice. These cyber-attacks use a multitude of intrusion methods with the intent to disrupt entire nations’ economies. Targeted attacks should be of significant concern not only to those within the infosec community, but to members of the general populace as well. For our July #SecChat we sought to discuss the methods, targets and end-goals of targeted attacks. Below are some of the highlights.
How are targeted attacks deployed?
The specific nature of targeted attacks separates them from other, less precise cyber-attacks deployed by hackers. Rather than indiscriminately “phishing with dynamite,” targeted attacks identify and strike pre-determined security systems. When we asked #SecChat participants what the most common forms of targeted attacks were, we received a wide array of answers. The most common response listed during the conversation was phishing attacks, but some participants such as @SPCoulson and @VirtualTal went even further:
The assortment of tactics used in targeted attacks makes it easy to see why they are so dangerous; there is no one method for organizations to home in on in their defensive efforts.
Where are targeted attacks setting their sights? What are they after?
With a myriad of intrusion methods at their fingertips, cybercriminals deploying targeted attacks have flexibility when choosing how to breach their potential victims. But who are they targeting, and why? @Securelexicon suggests targeted attacks focus on larger scale institutions, such as government, medical, biotech, and financial organizations. By focusing on government systems, hackers are able to effectively hold an entire nation hostage.
So, what do they have to gain? @ReesJohnson1 identified monetary gains as the main objective for targeted attacks, but noted that attacks focusing on financial institutions did not necessarily have the same goals as those directed towards nation states. @Preator1357 and @Techn0cratic suggested that going after these targets would result in a higher likelihood of causing widespread damage and/or receiving extortion payments – depending on the ultimate goal of the cybercriminal. Other participants backed up @Preator1357, suggesting that a successful targeted attack could severely cripple a nation’s infrastructure and critical services.
How can we prevent and defend against targeted attacks?
After identifying the vast arsenal of cyber warfare tools used by targeted attacks, the next logical step was to look internally and see how we can adapt our security strategies to counteract these threats. When this question was posed during the #SecChat, participants provided different schools of thought on the subject; some favored an aggressive defense, while others sought to mitigate the damage after a security breach. @SecurityBuzz and @phmullins were proponents of education and pre-emptive forms of defense, seeking to root out the kill chain and actively look for potential breaches. Their points were opposed by @Rickhholland, who countered with the question of how many organizations are actually using kill chain methodology. On the other end of the spectrum, @HectorDi4z and @SCADAHACKER both wanted to focus on implementing reactive tactics in order to manage and mitigate the damage after a successful breach.
Our #SecChat was just the tip of a much larger conversation on the future of targeted attacks. What are your thoughts on the subject? Let us know in the comments section below.
Thanks again to all who participated in our July #SecChat. Feel free to read through the whole conversation on Twitter, and don’t forget to follow @McAfeeBusiness on Twitter for details about future chats!